A Sweet Taste for Intruders: Honey Encryption

In the BA hack, over 380,000 customers had their credit card details stolen, so let’s look at a way of making fake credit card details. In this case we will create an encryption method where the credit card values look valid but are actually encrypted. It is basically the art of turning encrypted values into something that looks valid.

An intruder can get into a company’s database holding your customers’ details, and the details will be encrypted with a secret key. They then try a range of keys, search the results for a valid credit card, and find the one key that matches.

I am going to demo Honey encryption in this article. If you want to try it, it is here:

  • credit_card=4117700001669792, secret=20481017, guess=34963288
  • credit_card=4117700001669792, secret=20481017, guess=20481017

Giving the game away…

A problem we thus have with encryption is that an intruder will use brute force to determine the key used to encrypt data. They will try a range of keys or passphrases until they get a valid output. In this case, when an intruder tries an incorrect key, the software generates an exception, which identifies that the key is not valid. With computing power increasing by the day, it is becoming…
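The behaviour behind the two demo runs listed above, where a wrong guess still yields a plausible card and no exception gives the game away, as an added example that is not the author's demo code. It assumes a fixed, public issuer prefix `411770` taken from the sample card, a uniform choice over the nine account digits, and a PBKDF2-derived pad; all function names are hypothetical.

```python
import hashlib
import secrets

PREFIX = "411770"   # assumption: fixed, public issuer prefix (first 6 digits of the sample card)
SPACE = 10 ** 9     # 9 free account digits -> 10^9 equally likely messages

def luhn_check_digit(body: str) -> str:
    """Check digit that makes body + digit pass the Luhn test."""
    total = 0
    for i, ch in enumerate(reversed(body)):
        d = int(ch)
        if i % 2 == 0:  # these positions are doubled once the check digit is appended
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return str(-total % 10)

def luhn_valid(card: str) -> bool:
    return card.isdigit() and luhn_check_digit(card[:-1]) == card[-1]

def encode(card: str) -> int:
    """Message -> seed in [0, SPACE): the nine account digits as an integer."""
    if len(card) != 16 or not card.startswith(PREFIX) or not luhn_valid(card):
        raise ValueError("card is outside the message space")
    return int(card[6:15])

def decode(seed: int) -> str:
    """Seed -> message: every seed maps to a Luhn-valid card, so no key can fail."""
    body = PREFIX + f"{seed:09d}"
    return body + luhn_check_digit(body)

def pad(key: str, salt: bytes) -> int:
    """Key-derived pad; PBKDF2 makes each guess cost 100,000 hash iterations."""
    raw = hashlib.pbkdf2_hmac("sha256", key.encode(), salt, 100_000)
    return int.from_bytes(raw, "big") % SPACE

def honey_encrypt(card: str, key: str) -> tuple[bytes, int]:
    salt = secrets.token_bytes(16)
    return salt, (encode(card) + pad(key, salt)) % SPACE

def honey_decrypt(salt: bytes, ct: int, key: str) -> str:
    # No padding check, no MAC, no exception: a wrong key just gives a decoy card.
    return decode((ct - pad(key, salt)) % SPACE)

if __name__ == "__main__":
    salt, ct = honey_encrypt("4117700001669792", "20481017")
    for guess in ("34963288", "20481017"):
        print(guess, honey_decrypt(salt, ct, guess))
```

The decoys are only convincing while the encoding matches how real card numbers are distributed; an attacker who already knows part of the number can still filter candidates on it.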

Prof Bill Buchanan OBE FRSE
ASecuritySite: When Bob Met Alice